Leak gave access to routers of millions of Germans

Dec

24

2015

The German developer Alexander Graf found passwords in the memory of its own router. This gave access to the service network of Vodafone subsidiary Kabel Deutschland. Thus he could look around freely on the routers of 2.8 million Germans.

Alexander Graf discovered the vulnerability when he was looking into its own router to the login data for its VoIP Access, which he wanted to use to connect to its own hardware. He found a hidden network called wan0, which appeared to be part of the maintenance of the German network provider. Through this network, he could later via telnet and ssh access to the routers of 2.8 million other users. The access passwords of these routers were partially stored in plain text in the memory of its own router. These were same for all devices.

He was then able to execute arbitrary code on the routers with root access. Therefore he could learn the passwords of other users and thus use their connection and calls at their expense. He decided to inform the provider and it responded within one month of the notification to the users to maintain network isolated from each other. According to the site Heise would leak have been ten years may exist. Graf will present his findings next week at the 32nd Chaos Communication- congress in Hamburg.

Viewing:-141

In: Technology & Gadgets Asked By: [15175 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »